This section describes the message flow and the semantics of
each message type. (Details of the exact representation of each
message appear in Section
44.4.) There are several different sub-protocols depending on
the state of the connection: start-up, query, function call,
COPY, and termination. There are also special provisions for
asynchronous operations (including notification responses and
command cancellation), which can occur at any time after the
start-up phase.

To begin a session, a frontend opens a connection to the
server and sends a startup message. This message includes the
names of the user and of the database the user wants to connect
to; it also identifies the particular protocol version to be
used. (Optionally, the startup message can include additional
settings for run-time parameters.) The server then uses this
information and the contents of its configuration files (such
as pg_hba.conf) to determine whether
the connection is provisionally acceptable, and what additional
authentication is required (if any).

The server then sends an appropriate authentication request
message, to which the frontend must reply with an appropriate
authentication response message (such as a password). In
principle the authentication request/response cycle could
require multiple iterations, but none of the present
authentication methods use more than one request and response.
In some methods, no response at all is needed from the
frontend, and so no authentication request occurs.

The authentication cycle ends with the server either
rejecting the connection attempt (ErrorResponse), or sending
AuthenticationOk.

The possible messages from the server in this phase are:

ErrorResponse

The connection attempt has been rejected. The server
then immediately closes the connection.

AuthenticationOk

The authentication exchange is successfully
completed.

AuthenticationKerberosV4

The frontend must now take part in a Kerberos V4
authentication dialog (not described here, part of the
Kerberos specification) with the server. If this is
successful, the server responds with an AuthenticationOk,
otherwise it responds with an ErrorResponse.

AuthenticationKerberosV5

The frontend must now take part in a Kerberos V5
authentication dialog (not described here, part of the
Kerberos specification) with the server. If this is
successful, the server responds with an AuthenticationOk,
otherwise it responds with an ErrorResponse.

AuthenticationCleartextPassword

The frontend must now send a PasswordMessage
containing the password in clear-text form. If this is
the correct password, the server responds with an
AuthenticationOk, otherwise it responds with an
ErrorResponse.

AuthenticationCryptPassword

The frontend must now send a PasswordMessage
containing the password encrypted via crypt(3), using the
2-character salt specified in the
AuthenticationCryptPassword message. If this is the
correct password, the server responds with an
AuthenticationOk, otherwise it responds with an
ErrorResponse.

AuthenticationMD5Password

The frontend must now send a PasswordMessage
containing the password encrypted via MD5, using the
4-character salt specified in the
AuthenticationMD5Password message. If this is the correct
password, the server responds with an AuthenticationOk,
otherwise it responds with an ErrorResponse.

AuthenticationSCMCredential

This response is only possible for local Unix-domain
connections on platforms that support SCM credential
messages. The frontend must issue an SCM credential
message and then send a single data byte. (The contents
of the data byte are uninteresting; it's only used to
ensure that the server waits long enough to receive the
credential message.) If the credential is acceptable, the
server responds with an AuthenticationOk, otherwise it
responds with an ErrorResponse.

If the frontend does not support the authentication method
requested by the server, then it should immediately close the
connection.

After having received AuthenticationOk, the frontend must
wait for further messages from the server. In this phase a
backend process is being started, and the frontend is just an
interested bystander. It is still possible for the startup
attempt to fail (ErrorResponse), but in the normal case the
backend will send some ParameterStatus messages,
BackendKeyData, and finally ReadyForQuery.

During this phase the backend will attempt to apply any
additional run-time parameter settings that were given in the
startup message. If successful, these values become session
defaults. An error causes ErrorResponse and exit.

The possible messages from the backend in this phase
are:

BackendKeyData

This message provides secret-key data that the
frontend must save if it wants to be able to issue cancel
requests later. The frontend should not respond to this
message, but should continue listening for a
ReadyForQuery message.

ParameterStatus

This message informs the frontend about the current
(initial) setting of backend parameters, such as
client_encoding or DateStyle. The frontend may ignore this
message, or record the settings for its future use; see
Section
44.2.6 for more detail. The frontend should not
respond to this message, but should continue listening
for a ReadyForQuery message.

ReadyForQuery

Start-up is completed. The frontend may now issue
commands.

ErrorResponse

Start-up failed. The connection is closed after
sending this message.

NoticeResponse

A warning message has been issued. The frontend should
display the message but continue listening for
ReadyForQuery or ErrorResponse.

The ReadyForQuery message is the same one that the backend
will issue after each command cycle. Depending on the coding
needs of the frontend, it is reasonable to consider
ReadyForQuery as starting a command cycle, or to consider
ReadyForQuery as ending the start-up phase and each subsequent
command cycle.

A simple query cycle is initiated by the frontend sending a
Query message to the backend. The message includes an SQL
command (or commands) expressed as a text string. The backend
then sends one or more response messages depending on the
contents of the query command string, and finally a
ReadyForQuery response message. ReadyForQuery informs the
frontend that it may safely send a new command. (It is not
actually necessary for the frontend to wait for ReadyForQuery
before issuing another command, but the frontend must then take
responsibility for figuring out what happens if the earlier
command fails and already-issued later commands succeed.)

The possible response messages from the backend are:

CommandComplete

An SQL command completed normally.

CopyInResponse

The backend is ready to copy data from the frontend to
a table; see Section
44.2.5.

CopyOutResponse

The backend is ready to copy data from a table to the
frontend; see Section
44.2.5.

RowDescription

Indicates that rows are about to be returned in
response to a SELECT, FETCH, etc query. The contents of this
message describe the column layout of the rows. This will
be followed by a DataRow message for each row being
returned to the frontend.

DataRow

One of the set of rows returned by a SELECT, FETCH,
etc query.

EmptyQueryResponse

An empty query string was recognized.

ErrorResponse

An error has occurred.

ReadyForQuery

Processing of the query string is complete. A separate
message is sent to indicate this because the query string
may contain multiple SQL commands. (CommandComplete marks
the end of processing one SQL command, not the whole
string.) ReadyForQuery will always be sent, whether
processing terminates successfully or with an error.

NoticeResponse

A warning message has been issued in relation to the
query. Notices are in addition to other responses, i.e.,
the backend will continue processing the command.

The response to a SELECT query (or
other queries that return row sets, such as EXPLAIN or SHOW)
normally consists of RowDescription, zero or more DataRow
messages, and then CommandComplete. COPY to or from the frontend invokes special
protocol as described in Section 44.2.5. All
other query types normally produce only a CommandComplete
message.

Since a query string could contain several queries
(separated by semicolons), there might be several such response
sequences before the backend finishes processing the query
string. ReadyForQuery is issued when the entire string has been
processed and the backend is ready to accept a new query
string.

If a completely empty (no contents other than whitespace)
query string is received, the response is EmptyQueryResponse
followed by ReadyForQuery.

In the event of an error, ErrorResponse is issued followed
by ReadyForQuery. All further processing of the query string is
aborted by ErrorResponse (even if more queries remained in it).
Note that this may occur partway through the sequence of
messages generated by an individual query.

In simple Query mode, the format of retrieved values is
always text, except when the given command is a FETCH from a cursor declared with the BINARY option. In that case, the retrieved
values are in binary format. The format codes given in the
RowDescription message tell which format is being used.

A frontend must be prepared to accept ErrorResponse and
NoticeResponse messages whenever it is expecting any other type
of message. See also Section 44.2.6
concerning messages that the backend may generate due to
outside events.

Recommended practice is to code frontends in a state-machine
style that will accept any message type at any time that it
could make sense, rather than wiring in assumptions about the
exact sequence of messages.

The extended query protocol breaks down the above-described
simple query protocol into multiple steps. The results of
preparatory steps can be re-used multiple times for improved
efficiency. Furthermore, additional features are available,
such as the possibility of supplying data values as separate
parameters instead of having to insert them directly into a
query string.

In the extended protocol, the frontend first sends a Parse
message, which contains a textual query string, optionally some
information about data types of parameter placeholders, and the
name of a destination prepared-statement object (an empty
string selects the unnamed prepared statement). The response is
either ParseComplete or ErrorResponse. Parameter data types may
be specified by OID; if not given, the parser attempts to infer
the data types in the same way as it would do for untyped
literal string constants.

Note: The query string contained in a Parse
message cannot include more than one SQL statement; else a
syntax error is reported. This restriction does not exist
in the simple-query protocol, but it does exist in the
extended protocol, because allowing prepared statements or
portals to contain multiple commands would complicate the
protocol unduly.

If successfully created, a named prepared-statement object
lasts till the end of the current session, unless explicitly
destroyed. An unnamed prepared statement lasts only until the
next Parse statement specifying the unnamed statement as
destination is issued. (Note that a simple Query message also
destroys the unnamed statement.) Named prepared statements must
be explicitly closed before they can be redefined by a Parse
message, but this is not required for the unnamed statement.
Named prepared statements can also be created and accessed at
the SQL command level, using PREPARE
and EXECUTE.

Once a prepared statement exists, it can be readied for
execution using a Bind message. The Bind message gives the name
of the source prepared statement (empty string denotes the
unnamed prepared statement), the name of the destination portal
(empty string denotes the unnamed portal), and the values to
use for any parameter placeholders present in the prepared
statement. The supplied parameter set must match those needed
by the prepared statement. Bind also specifies the format to
use for any data returned by the query; the format can be
specified overall, or per-column. The response is either
BindComplete or ErrorResponse.

Note: The choice between text and binary output
is determined by the format codes given in Bind, regardless
of the SQL command involved. The BINARY attribute in cursor declarations is
irrelevant when using extended query protocol.

If successfully created, a named portal object lasts till
the end of the current transaction, unless explicitly
destroyed. An unnamed portal is destroyed at the end of the
transaction, or as soon as the next Bind statement specifying
the unnamed portal as destination is issued. (Note that a
simple Query message also destroys the unnamed portal.) Named
portals must be explicitly closed before they can be redefined
by a Bind message, but this is not required for the unnamed
portal. Named portals can also be created and accessed at the
SQL command level, using DECLARE
CURSOR and FETCH.

Once a portal exists, it can be executed using an Execute
message. The Execute message specifies the portal name (empty
string denotes the unnamed portal) and a maximum result-row
count (zero meaning "fetch all
rows"). The result-row count is only meaningful for
portals containing commands that return row sets; in other
cases the command is always executed to completion, and the row
count is ignored. The possible responses to Execute are the
same as those described above for queries issued via simple
query protocol, except that Execute doesn't cause ReadyForQuery
to be issued.

If Execute terminates before completing the execution of a
portal (due to reaching a nonzero result-row count), it will
send a PortalSuspended message; the appearance of this message
tells the frontend that another Execute should be issued
against the same portal to complete the operation. The
CommandComplete message indicating completion of the source SQL
command is not sent until the portal's execution is completed.
Therefore, an Execute phase is always terminated by the
appearance of exactly one of these messages: CommandComplete,
EmptyQueryResponse (if the portal was created from an empty
query string), ErrorResponse, or PortalSuspended.

At completion of each series of extended-query messages, the
frontend should issue a Sync message. This parameterless
message causes the backend to close the current transaction if
it's not inside a BEGIN/COMMIT transaction block ("close" meaning to commit if no error, or roll
back if error). Then a ReadyForQuery response is issued. The
purpose of Sync is to provide a resynchronization point for
error recovery. When an error is detected while processing any
extended-query message, the backend issues ErrorResponse, then
reads and discards messages until a Sync is reached, then
issues ReadyForQuery and returns to normal message processing.
(But note that no skipping occurs if an error is detected
while processing Sync
--- this ensures that there is one and only one ReadyForQuery
sent for each Sync.)

Note: Sync does not cause a transaction block
opened with BEGIN to be closed. It
is possible to detect this situation since the
ReadyForQuery message includes transaction status
information.

In addition to these fundamental, required operations, there
are several optional operations that can be used with
extended-query protocol.

The Describe message (portal variant) specifies the name of
an existing portal (or an empty string for the unnamed portal).
The response is a RowDescription message describing the rows
that will be returned by executing the portal; or a NoData
message if the portal does not contain a query that will return
rows; or ErrorResponse if there is no such portal.

The Describe message (statement variant) specifies the name
of an existing prepared statement (or an empty string for the
unnamed prepared statement). The response is a
ParameterDescription message describing the parameters needed
by the statement, followed by a RowDescription message
describing the rows that will be returned when the statement is
eventually executed (or a NoData message if the statement will
not return rows). ErrorResponse is issued if there is no such
prepared statement. Note that since Bind has not yet been
issued, the formats to be used for returned columns are not yet
known to the backend; the format code fields in the
RowDescription message will be zeroes in this case.

Tip: In most scenarios the frontend should issue
one or the other variant of Describe before issuing
Execute, to ensure that it knows how to interpret the
results it will get back.

The Close message closes an existing prepared statement or
portal and releases resources. It is not an error to issue
Close against a nonexistent statement or portal name. The
response is normally CloseComplete, but could be ErrorResponse
if some difficulty is encountered while releasing resources.
Note that closing a prepared statement implicitly closes any
open portals that were constructed from that statement.

The Flush message does not cause any specific output to be
generated, but forces the backend to deliver any data pending
in its output buffers. A Flush must be sent after any
extended-query command except Sync, if the frontend wishes to
examine the results of that command before issuing more
commands. Without Flush, messages returned by the backend will
be combined into the minimum possible number of packets to
minimize network overhead.

Note: The simple Query message is approximately
equivalent to the series Parse, Bind, portal Describe,
Execute, Close, Sync, using the unnamed prepared statement
and portal objects and no parameters. One difference is
that it will accept multiple SQL statements in the query
string, automatically performing the bind/describe/execute
sequence for each one in succession. Another difference is
that it will not return ParseComplete, BindComplete,
CloseComplete, or NoData messages.

The Function Call sub-protocol allows the client to request
a direct call of any function that exists in the database's
pg_proc system catalog. The client
must have execute permission for the function.

Note: The Function Call sub-protocol is a legacy
feature that is probably best avoided in new code. Similar
results can be accomplished by setting up a prepared
statement that does SELECT function($1,
...). The Function Call cycle can then be replaced
with Bind/Execute.

A Function Call cycle is initiated by the frontend sending a
FunctionCall message to the backend. The backend then sends one
or more response messages depending on the results of the
function call, and finally a ReadyForQuery response message.
ReadyForQuery informs the frontend that it may safely send a
new query or function call.

The possible response messages from the backend are:

ErrorResponse

An error has occurred.

FunctionCallResponse

The function call was completed and returned the
result given in the message. (Note that the Function Call
protocol can only handle a single scalar result, not a
rowtype or set of results.)

ReadyForQuery

Processing of the function call is complete.
ReadyForQuery will always be sent, whether processing
terminates successfully or with an error.

NoticeResponse

A warning message has been issued in relation to the
function call. Notices are in addition to other
responses, i.e., the backend will continue processing the
command.

The COPY command allows high-speed
bulk data transfer to or from the server. Copy-in and copy-out
operations each switch the connection into a distinct
sub-protocol, which lasts until the operation is completed.

Copy-in mode (data transfer to the server) is initiated when
the backend executes a COPY FROM STDIN
SQL statement. The backend sends a CopyInResponse message to
the frontend. The frontend should then send zero or more
CopyData messages, forming a stream of input data. (The message
boundaries are not required to have anything to do with row
boundaries, although that is often a reasonable choice.) The
frontend can terminate the copy-in mode by sending either a
CopyDone message (allowing successful termination) or a
CopyFail message (which will cause the COPY SQL statement to fail with an error). The
backend then reverts to the command-processing mode it was in
before the COPY started, which will be
either simple or extended query protocol. It will next send
either CommandComplete (if successful) or ErrorResponse (if
not).

In the event of a backend-detected error during copy-in mode
(including receipt of a CopyFail message), the backend will
issue an ErrorResponse message. If the COPY command was issued via an extended-query
message, the backend will now discard frontend messages until a
Sync message is received, then it will issue ReadyForQuery and
return to normal processing. If the COPY command was issued in a simple Query
message, the rest of that message is discarded and
ReadyForQuery is issued. In either case, any subsequent
CopyData, CopyDone, or CopyFail messages issued by the frontend
will simply be dropped.

The backend will ignore Flush and Sync messages received
during copy-in mode. Receipt of any other non-copy message type
constitutes an error that will abort the copy-in state as
described above. (The exception for Flush and Sync is for the
convenience of client libraries that always send Flush or Sync
after an Execute message, without checking whether the command
to be executed is a COPY FROM
STDIN.)

Copy-out mode (data transfer from the server) is initiated
when the backend executes a COPY TO
STDOUT SQL statement. The backend sends a CopyOutResponse
message to the frontend, followed by zero or more CopyData
messages (always one per row), followed by CopyDone. The
backend then reverts to the command-processing mode it was in
before the COPY started, and sends
CommandComplete. The frontend cannot abort the transfer (except
by closing the connection or issuing a Cancel request), but it
can discard unwanted CopyData and CopyDone messages.

In the event of a backend-detected error during copy-out
mode, the backend will issue an ErrorResponse message and
revert to normal processing. The frontend should treat receipt
of ErrorResponse as terminating the copy-out mode.

It is possible for NoticeResponse messages to be
interspersed between CopyData messages; frontends must handle
this case, and should be prepared for other asynchronous
message types as well (see Section 44.2.6).
Otherwise, any message type other than CopyData or CopyDone may
be treated as terminating copy-out mode.

The CopyInResponse and CopyOutResponse messages include
fields that inform the frontend of the number of columns per
row and the format codes being used for each column. (As of the
present implementation, all columns in a given COPY operation will use the same format, but the
message design does not assume this.)

There are several cases in which the backend will send
messages that are not specifically prompted by the frontend's
command stream. Frontends must be prepared to deal with these
messages at any time, even when not engaged in a query. At
minimum, one should check for these cases before beginning to
read a query response.

It is possible for NoticeResponse messages to be generated
due to outside activity; for example, if the database
administrator commands a "fast"
database shutdown, the backend will send a NoticeResponse
indicating this fact before closing the connection.
Accordingly, frontends should always be prepared to accept and
display NoticeResponse messages, even when the connection is
nominally idle.

ParameterStatus messages will be generated whenever the
active value changes for any of the parameters the backend
believes the frontend should know about. Most commonly this
occurs in response to a SET SQL
command executed by the frontend, and this case is effectively
synchronous --- but it is also possible for parameter status
changes to occur because the administrator changed a
configuration file and then sent the SIGHUP signal to the postmaster. Also, if a
SET command is rolled back, an appropriate ParameterStatus
message will be generated to report the current effective
value.

At present there is a hard-wired set of parameters for which
ParameterStatus will be generated: they are server_version (a pseudo-parameter that cannot
change after startup); client_encoding, is_superuser, session_authorization, and DateStyle. This set might change in the future,
or even become configurable. Accordingly, a frontend should
simply ignore ParameterStatus for parameters that it does not
understand or care about.

If a frontend issues a LISTEN
command, then the backend will send a NotificationResponse
message (not to be confused with NoticeResponse!) whenever a
NOTIFY command is executed for the
same notification name.

Note: At present, NotificationResponse can only
be sent outside a transaction, and thus it will not occur
in the middle of a command-response series, though it may
occur just before ReadyForQuery. It is unwise to design
frontend logic that assumes that, however. Good practice is
to be able to accept NotificationResponse at any point in
the protocol.

During the processing of a query, the frontend may request
cancellation of the query. The cancel request is not sent
directly on the open connection to the backend for reasons of
implementation efficiency: we don't want to have the backend
constantly checking for new input from the frontend during
query processing. Cancel requests should be relatively
infrequent, so we make them slightly cumbersome in order to
avoid a penalty in the normal case.

To issue a cancel request, the frontend opens a new
connection to the server and sends a CancelRequest message,
rather than the StartupMessage message that would ordinarily be
sent across a new connection. The server will process this
request and then close the connection. For security reasons, no
direct reply is made to the cancel request message.

A CancelRequest message will be ignored unless it contains
the same key data (PID and secret key) passed to the frontend
during connection start-up. If the request matches the PID and
secret key for a currently executing backend, the processing of
the current query is aborted. (In the existing implementation,
this is done by sending a special signal to the backend process
that is processing the query.)

The cancellation signal may or may not have any effect ---
for example, if it arrives after the backend has finished
processing the query, then it will have no effect. If the
cancellation is effective, it results in the current command
being terminated early with an error message.

The upshot of all this is that for reasons of both security
and efficiency, the frontend has no direct way to tell whether
a cancel request has succeeded. It must continue to wait for
the backend to respond to the query. Issuing a cancel simply
improves the odds that the current query will finish soon, and
improves the odds that it will fail with an error message
instead of succeeding.

Since the cancel request is sent across a new connection to
the server and not across the regular frontend/backend
communication link, it is possible for the cancel request to be
issued by any process, not just the frontend whose query is to
be canceled. This may have some benefits of flexibility in
building multiple-process applications. It also introduces a
security risk, in that unauthorized persons might try to cancel
queries. The security risk is addressed by requiring a
dynamically generated secret key to be supplied in cancel
requests.

The normal, graceful termination procedure is that the
frontend sends a Terminate message and immediately closes the
connection. On receipt of this message, the backend closes the
connection and terminates.

In rare cases (such as an administrator-commanded database
shutdown) the backend may disconnect without any frontend
request to do so. In such cases the backend will attempt to
send an error or notice message giving the reason for the
disconnection before it closes the connection.

Other termination scenarios arise from various failure
cases, such as core dump at one end or the other, loss of the
communications link, loss of message-boundary synchronization,
etc. If either frontend or backend sees an unexpected closure
of the connection, it should clean up and terminate. The
frontend has the option of launching a new backend by
recontacting the server if it doesn't want to terminate itself.
Closing the connection is also advisable if an unrecognizable
message type is received, since this probably indicates loss of
message-boundary sync.

For either normal or abnormal termination, any open
transaction is rolled back, not committed. One should note
however that if a frontend disconnects while a non-SELECT query
is being processed, the backend will probably finish the query
before noticing the disconnection. If the query is outside any
transaction block (BEGIN ...
COMMIT sequence) then its results may
be committed before the disconnection is recognized.

If PostgreSQL was built
with SSL support, frontend/backend communications can be
encrypted using SSL. This provides communication security in
environments where attackers might be able to capture the
session traffic.

To initiate an SSL-encrypted connection, the frontend
initially sends an SSLRequest message rather than a
StartupMessage. The server then responds with a single byte
containing S or N, indicating that it is willing or unwilling to
perform SSL, respectively. The frontend may close the
connection at this point if it is dissatisfied with the
response. To continue after S, perform
an SSL startup handshake (not described here, part of the SSL
specification) with the server. If this is successful, continue
with sending the usual StartupMessage. In this case the
StartupMessage and all subsequent data will be SSL-encrypted.
To continue after N, send the usual
StartupMessage and proceed without encryption.

The frontend should also be prepared to handle an
ErrorMessage response to SSLRequest from the server. This would
only occur if the server predates the addition of SSL support
to PostgreSQL. In this case
the connection must be closed, but the frontend may choose to
open a fresh connection and proceed without requesting SSL.

An initial SSLRequest may also be used in a connection that
is being opened to send a CancelRequest message.

While the protocol itself does not provide a way for the
server to force SSL encryption, the administrator may configure
the server to reject unencrypted sessions as a byproduct of
authentication checking.